NIST publishes a final IoT guide for manufacturers

The US National Institute of Standards and Technology (NIST) published a final guide titled NISTIR 8259 – Foundational Cybersecurity Activities for IoT Device Manufacturers following two previous drafts. The guide details six recommended foundational activities that manufacturers should consider implementing to improve the security of their Internet of things (IoT) devices. Four of these actions relate to the manufacturer’s actions before a device is sold, and the last two actions influence decisions and actions performed by the manufacturer after the sale. These activities can help manufacturers reduce consumers’ cybersecurity concerns, and as a result, possible IoT device attacks. The publication was accompanied by a related guide titled NISTIR 8259A – IoT Device Cybersecurity Capability Core Baseline. This guide aims to provide organisations information on how to identify cybersecurity capabilities (a set of abilities that protect an organisation’s devices, systems, and ecosystems) for new IoT devices they plan to manufacture, integrate, or acquire.